Open Source

46163 readers

87 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 6 years ago

MODERATORS

Cloak@lemmy.ml

kevincox@lemmy.ml

CrypticCoffee@lemmy.ml

Lettuceeatlettuce@lemmy.ml

234

LibreOffice learns to speak Markdown in version 26.2 (www.theregister.com)

submitted 1 month ago by Zerush@lemmy.ml to c/opensource@lemmy.ml

13 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] ClassyHatter@sopuli.xyz 34 points 1 month ago (1 children)

Hopefully it doesn't have any Remote Code Execution vulnerabilities, like Microslop's implementation had.

[–] jdnewmil@lemmy.ca 14 points 1 month ago (3 children)

How in the world did they manage that? Did they implement it internally as a TCP API and expose it?

[–] warmaster@lemmy.world 21 points 1 month ago

It was like:

Hey Copilot, add Markdown support in Word

Sure thing Satya! There you have it, I made sure not to add any vulnerabilities like you always tell me.

[–] ClassyHatter@sopuli.xyz 18 points 1 month ago (1 children)

I don't know the technicalities, but Markdown supports links, and it's possible to craft a link that downloads a file and then executes it. You can look up the Notepad.exe RCE vulnerability from this year.

[–] thorhop@sopuli.xyz 12 points 1 month ago

Basically Notepad would pass the link to ShellEx and could launch executables.

[–] jol@discuss.tchncs.de 5 points 1 month ago

They probably vibe coded it, and only copilot reviewed and merged the code.